Re: ACCEPT-RP

Thanks Gary, that is helpful.

On 20 October 2010 18:31, garry baker <baker.garry_at_gmail.com> wrote:
> i will give an explanation a go...
>
> this command 'ip pim accept-rp' i usually use with an access-list that lists
> the groups that i allow for that rp-address
>
> so the rp-address is the ip address of the RP that you want certain groups
> to be able to join, so this will start as IGMP joins(membership report/query
> ) than the router will turn them into PIM register join/prune messages
> headed for the RP, so this should only be affecting PIM register join/prunes
> the way i see it, and that is what i seen in wireshark also, did my setup in
> gns3, and the embedded wireshark sheds alot of light...
>
> so you can either put this just on the RP and the RP will drop them or you
> can put them on all the routers in the multicast path to the RP and drop
> them before they get to the RP
>
> easy enough to see happen in simple topo
>
> R1 <-> R2 <-> R3
>
> make R3 the rp and have R1 join some group that is not in the access-list
> you specify and see the message on R3 denying the "joins"
> R3#
> *Mar 1 00:17:11.759: %PIM-6-INVALID_RP_JOIN: Received (*, 239.11.11.11)
> Join from 23.23.23.2 for invalid RP 3.3.3.3
> *Mar 1 00:17:29.819: %PIM-1-INVALID_RP_REG: Received Register from router
> 12.12.12.1 for group 239.11.11.11, 3.3.3.3 not willing to be RP
>
> move the command back to R2 and watch the joins get dropped there instead:
> R2#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> R2(config)#ip pim accept-rp 3.3.3.3 ALLOWED_MGROUPS
> R2(config)#!
> R2(config)#ip access-list standard ALLOWED_MGROUPS
> R2(config-std-nacl)# permit 239.3.3.3
> R2(config-std-nacl)# permit 239.2.2.2
> R2(config-std-nacl)#
> *Mar 1 00:29:42.987: %PIM-6-INVALID_RP_JOIN: Received (*, 239.11.11.11)
> Join from 12.12.12.1 for invalid RP 3.3.3.3
>
>
>
> --
> Garry L. Baker
>
> "There is no 'patch' for stupidity." - www.sqlsecurity.com
>
>
> On Wed, Oct 20, 2010 at 1:41 AM, Muzammil Malick <malickmuz_at_gmail.com>
> wrote:
>>
>> All
>>
>> I am struggling to understand exactly what the following command does.
>>
>> ip pim accept-rp <rp-address|auto-rp>
>>
>> The Documentation says:
>>
>> rp-address
>> RP address of the RP allowed to send join messages to groups in the
>> range specified by the group access list.
>>
>> auto-rp
>> Accepts join and register messages only for RPs that are in the Auto-RP
>> cache.
>>
>> For the RP-address what does this even mean? The RP does not send join
>> messages right? A join message here is an IGMP message i take it?
>>
>> For the auto-rp it says it accepts "join" and "register" messages.
>> Here I take it that a "join" is an IGMP message and that a "register"
>> is a source trying to register with the RP?
>>
>> Please can anyone shed any light as to what exactly the whole point is?
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 20 2010 - 23:45:14 ART